Hello,
In the current Firefox OS model, we have a permission model based on webAPI access. But this may not be enough if we want to have more granular checks (per app). We come to discuss this topic during the NFC workweek. Here is he context: you install an app from the marketplace. Let's say it is a Visa app which allow you to do payment with your NFC-enabled phone. To do that, the app needs to access a Secure Element stored in the UICC. But we need to check a certain app has actually the right to access the UICC. Usually, the UICC has rules and knows which app it can talk to or not by checking the integrity and the identity of the app. In Firefox OS, the Access Control module doing the checks will be implemented in the OS. So here is the deal: we need to allow an app to have two certificates: * the usual Mozilla certificate to sign the app on the marketplace * a "vendor" certificate (for NFC payment). This vendor certificate would then be checked in the FxOS system. Note that this is a strong requirement for NFC payment apps. We could think about adding a special field in the app manifest for the public key certificate. What are your thought about that? Stéphanie _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
